GameOver Zeus is used for stealing financial data and spreading CryptoLocker ransomware

GameOver Zeus is a Trojan that is based on Zeus trojan that has first emerged in 2006. Then the name of this variant was given because of one of its filenames – gameover2.php. Malware is used to get remote access to the computer and steal private information, such as banking logins, passwords, and other financial data.

The Trojan is known for almost a decade and has alternative names – GameOver Trojan, GOZ,[1] and P2PZeuS. However, authorities also know who is standing behind this cyber threat – the Russian[2] hacker Evgeniy Mikhailovich Bogachev known as Slavik.

However, the success of malware is based not only on Slavik’s work. He created a group of 50 cyber criminals that are called “Business Club.”

In October 2013 GameOver Zeus has been started actively spreading and infecting systems with ransomware virus that is known as Cryptolocker. As soon as it is installed, it encrypts all important files that are stored on a computer and then demands payment for decrypting them.

The GameOver Zeus Trojan itself spreads via Cutwail botnet[3] and uses encrypted peer-to-peer communication with Command and Control server. During its lifetime, it has been mostly used for stealing money from banks and banking data.

Therefore, getting infected with malware might end up with financial and personal information loss. If you suspected that your PC might be infected with Trojan, you should scan your device with Reimage and remove GameOver Zeus from the PC.

However, you may need to take extra steps for GameOver Zeus removal if it brought ransomware to your PC. The detailed explanation about its elimination you can find at the end of this article.

Attempts to take down the dangerous Trojan

Security researchers are trying to take down the GameOver Zeus virus since 2011.[4] FBI, the U.S. and European security investigators and authorities launched several attacks against hacker’s networks. However, all the attempts failed.

In January 2013, researchers were close to taking down the malware. However, months of their work were not enough because they overlooked a critical component. As a result, the hacker updated its malicious network and took back control over its program.

In 2015, FBI put a $3 million bounty on Slavik’s head.[5] It’s the highest reward that has been offered for the cyber criminal in the United States. However, in 2017 he is still enjoying his life outside the jail.[6]

Distribution methods of the GameOver Trojan

GameOver Zeus virus has been actively spread using phishing and spam campaigns. In most of the cases, dangerous emails look like important messages from well-known organizations, such as FDIC, IRS, MySpace, Facebook, Microsoft, Federal Reserve Bank, the Federal Deposit Insurance Corporation (FDIC), the National Automated Clearing House Association (NACHA), etc.

Typically they include a link that redirects to the malicious website. When users get there, the Trojan is installed on the system.

Therefore, in order to avoid infiltration of a dangerous banking trojan, you should always inspect the email carefully:

check the information about the sender;

make sure that the email does not lack credentials;

look up for grammar and spelling mistakes.

If you still cannot decide should you trust the email or not, you can always call the organization or log in to the account directly by opening a new browser’s tab. Then you can be sure if criminals tried to attack you or not.

After GameOver Zeus removal, we highly recommend changing all of your passwords in order to protect your money and sensitive information from the attackers.

If this Trojan has already infected your PC with Cryptolocker, try to follow these steps:

Reboot you infected PC to “Safe mode with command prompt” by following instructions below to disable virus (this should be working with all versions of this threat)

Run Regedit

Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.

Search the registry for these files you have written down and delete the registry keys referencing the files.

Reboot and run a full system scan with updated security software.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove GameOver Zeus you agree to our privacy policy and agreement of use.

Reimage is recommended to uninstall GameOver Zeus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete GameOver Zeus removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

When a new window shows up, click Next and select your restore point that is prior the infiltration of GameOver Zeus. After doing that, click Next.

Now click Yes to start system restore.

Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that GameOver Zeus removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove GameOver Zeus from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by GameOver Zeus, you can use several methods to restore them: